summaryrefslogtreecommitdiff
path: root/source3/nsswitch
AgeCommit message (Collapse)AuthorFilesLines
2007-10-10r21161: Another fix for pam_winbind: Move the entire pwd expiry handling intoGünther Deschner1-14/+14
the PAM_SUCCESS block. Guenther (This used to be commit f4a704745cb0bd2c5dc2a9b16619d8ee30fd7ba1)
2007-10-10r21160: Some more pam_winbind fixes:Günther Deschner1-32/+79
* Consolidate all pam_winbind password expiry warnings in the one _pam_send_password_expiry_message() call. * Also convert some more NTSTATUS codes to error messages. * Add paranoia check to only do all the post-processing after PAM_SUCCESS. Guenther (This used to be commit 02713f314b65a14e659e801f7eebea453756ac44)
2007-10-10r21159: Cleanup pam_sm_chauthtok() in pam_winbind:Günther Deschner2-31/+44
Set info3 strings, krb5ccname and returned username after we changed a password and sucessfully re-authenticated afterwards. In that case we ended up without this information. Guenther (This used to be commit 034d42ba7236e67303a8221b7a613799d1a61b83)
2007-10-10r21158: Add _pam_setup_krb5_env() and _pam_warn_logon_type() functions forGünther Deschner1-31/+70
pam_winbind. Guenther (This used to be commit 1feb961577475dceb97948cd2fdb987005890498)
2007-10-10r21155: Forgot one _PAM_LOG_STATE_DATA_STRING call (only in 3_0).Günther Deschner1-0/+1
Guenther (This used to be commit 86b34cd5d6675c8f0a0becdcded36de4a815c898)
2007-10-10r21154: Add PAM_WINBIND_LOGONSERVER, also merge the various pam_set_data calls.Günther Deschner2-36/+69
Guenther (This used to be commit 97a0b1b79499af10930500ce857c93ffbacfdb6e)
2007-10-10r21152: Correctly omit pam conversations when PAM_SILENT has been set by theGünther Deschner2-57/+61
calling application. Guenther (This used to be commit ebfae9a671d2c960178228ba7fdcd07cb2f49a05)
2007-10-10r21151: applying patches for CVE-2007-045[34]Gerald Carter1-2/+4
(This used to be commit 1d46b2ae3447b3521987b2ab1064a6ea314cfa07)
2007-10-10r21149: Only say we are a groupmember for the optimized (rid 513) membershipGünther Deschner1-1/+4
lookup when we actually are. Although the Linux nss winbind backend protects against num_mem != 0 && buf == NULL. Guenther (This used to be commit a9ac4630b46242f88bd7a4e92511b55cc82e9940)
2007-10-10r21146: Fix debug typos.Günther Deschner2-2/+2
Guenther (This used to be commit cdef1d00b89abd632281d428f1e1a6b322559af4)
2007-10-10r21145: Convert some int to BOOL in pam_winbind (only in 3_0).Günther Deschner1-13/+13
Guenther (This used to be commit 1b82c5fa0e363942947453a8e1b74aa2b95d8733)
2007-10-10r21144: Create more accurate warning message when the pam_winbind chauthtok hasGünther Deschner1-12/+76
received NT_STATUS_PASSWORD_RESTRICTION. Guenther (This used to be commit 2ac9cb3bbd1980df54f1b6cc2cfb823be43f3230)
2007-10-10r21143: Fix wrong check for pam error codes for getpwnam and lookup winbindGünther Deschner1-13/+26
requests in pam_winbind (Bug #4094). Inspired by fix from Lars Heete. Guenther (This used to be commit 88e2185d2913e835e074dc3cc4ab1c631c3296a5)
2007-10-10r21130: Don't mix SAFE_FREE() and TALLOC_FREE().Gerald Carter1-1/+1
(This used to be commit 5c36d67d272a52f58532daa3c3c09b8f8b6a34e0)
2007-10-10r21122: Simplify code in pam_winbind a bit.Günther Deschner1-23/+20
Guenther (This used to be commit 08ca5ea6f1b09506055b2508aa79704f39b3bbd7)
2007-10-10r21112: fix const compile warningGerald Carter1-2/+2
(This used to be commit 6b754f7c96400d5d1f14e807aac0aa925c45eefb)
2007-10-10r21106: We neither need a account lockout policy handler nor a check domainGünther Deschner1-1/+2
online handler for internal (local SAM, BUILTIN) childs. Jeremy, please check. Guenther (This used to be commit 7d0e2e70684a7e3d377f56ed0244ed136b0b1a99)
2007-10-10r21101: Remove "unused" warning from Jerry's code. We stillJeremy Allison1-1/+0
have a build failure in 3.0.24 in event_add_timed ? Jeremy (This used to be commit ede30a8b4b705808d9c46ae848f5cbd89a808cdc)
2007-10-10r21098: When get_dc_name_via_netlogon() in get_dcs() fails to find a trusted DCGünther Deschner1-2/+2
we may not just assume that we look for our own realm's dcs next. Guenther (This used to be commit bf0c4ce7b1194e18cc16a044b042d0066463cf87)
2007-10-10r21070: * Add the new boolean 'winbind normalize names' option as discussedGerald Carter4-2/+49
on the samba-technical ml. The replacement character is hardcoded as a '_' for now. (This used to be commit bd8238417b8d692ed381a870901ff1ee4cfa80f6)
2007-10-10r21064: The core of this patch isVolker Lendecke3-21/+35
void message_register(int msg_type, void (*fn)(int msg_type, struct process_id pid, - void *buf, size_t len)) + void *buf, size_t len, + void *private_data), + void *private_data) { struct dispatch_fns *dfn; So this adds a (so far unused) private pointer that is passed from message_register to the message handler. A prerequisite to implement a tiny samba4-API compatible wrapper around our messaging system. That itself is necessary for the Samba4 notify system. Yes, I know, I could import the whole Samba4 messaging system, but I want to do it step by step and I think getting notify in is more important in this step. Volker (This used to be commit c8ae60ed65dcce9660ee39c75488f2838cf9a28b)
2007-10-10r21056: Moving the set_domain_online_request to fork_domain_child() (formerlyGünther Deschner1-9/+12
lived in trustdom_recv(). Jeremy, this is the better place I think but please check. Guenther (This used to be commit beed8b8b320ae9bd8aef669564a5403e4bb35bfd)
2007-10-10r21036: Fix the ad nss info backend to not abort the search when called ↵Gerald Carter1-16/+10
outside the idmap daemon (This used to be commit 57160e3dd96a7a776389da604393c20a738202ea)
2007-10-10r21033: To make the logs a bit more readable let the winbind dc connect childGünther Deschner1-0/+3
write to a separate logfile. Guenther (This used to be commit 0313edc0d66c26b5acb6250e0f146218a02b42cd)
2007-10-10r21020: Some pam_winbind fixes:Günther Deschner1-14/+13
* make debug_state also configurable from the config file * minor code cleanup Guenther (This used to be commit c562095953df55c91e3dad8f5c29c0b66664b62b)
2007-10-10r21019: Fix typo.Günther Deschner1-1/+1
Guenther (This used to be commit adb40884e04069e7de7580b6531675ebaed5c117)
2007-10-10r21018: Removing the set_domain_online_request again in trustdom_recv().Günther Deschner1-9/+0
Jeremy, we really can't do that. There are setups with hundred and more trusted domains out there, I have one customer who tells me it takes more then half an hour for him after winbind is up and running. That request registers the check_domain_online_handler which in turn forks off the child immediately. Also discussed with Volker. Guenther (This used to be commit ccd4812c0b436a12b809668d09c5681111125f3d)
2007-10-10r21016: Fix pam_sm_setcred again.Günther Deschner1-1/+1
Jerry, the switch statement must ignore the PAM_SILENT flag. Guenther (This used to be commit 46d23c72bf4f3bd04021a9caf8d6b1380352b811)
2007-10-10r21015: fix typo that breaks the buildGerald Carter1-1/+1
(This used to be commit f82a5175304a12b18abb2bc3d9fd9f7023998357)
2007-10-10r21014: move some functionss to winbindd_group.c and make staticGerald Carter2-148/+144
(This used to be commit af5a2fa9eccf753106cd944be31f38845363ace6)
2007-10-10r21013: * Remove "inline" keywordGerald Carter1-5/+5
* Remove anpther check for PAM_SILENT that prevents logging to syslog * Add missing check for TRY_FIRST_PASS when using authtok (missed from previous merge) (This used to be commit ed794f0872b749955f56112507fd3ae7a6c6e6f5)
2007-10-10r21012: Patch from Danilo Almeida @ Centeris (via me):Gerald Carter2-21/+168
Details: Improve PAM logging - The improved logging is far tracking down PAM-related bugs - PAM_SILENT was being mis-used to suppress syslog output instead of suppressing user output. This lets PAM_SILENT still log to syslog. - Allow logging of item & data state via debug_state config file option. - Logging tracks the pam handle used. (This used to be commit cc1a13a9f06e5c15c8df19d0fbb31dbdeb81a9cc)
2007-10-10r21011: Another patch from Danilo Almeida @ Centeris (via me):Gerald Carter1-4/+7
Details: Reset the "new password prompt required" state whenever we do a new auth. In more detail, in pam_sm_authenticate, if not settting PAM_WINBIND_NEW_AUTHTOK_REQD, then clean any potentially present PAM_WINBIND_NEW_AUTHTOK_REQD. (This used to be commit 402e8594759b42c1986f4f8d69273f68ec5160af)
2007-10-10r21009: Patch from Danilo Almeida @ Centeris (via me).Gerald Carter3-49/+236
Patch details: Support most options in pam_winbind.conf; support comma-separated names in require-membership-of. Details below: 1) Provides support for almost all config options in pam_winbind.conf (all except for use_first_pass, use_authtok, and unknown_ok). - That allows us to work well when invoked via call_modules from pam_unix2.conf as well as allowing use of spaces in names used w/require_membership_of. 2) Support for comma-separated list of names or SID strings in require_membership_of/require-membership-of. - Increased require_membership_of field in winbind request from fstring (256) to pstring (1024). - In PAM side, parse out multiple names or SID strings and convert all of them to SID strings. - In Winbind side, support membership check against multiple SID strings. (This used to be commit 4aca9864896b3e0890ffc9a6980d7ef1311138f7)
2007-10-10r21001: * Use a simple '#define LDAPMessage void' to fix the buildGerald Carter3-36/+3
problems in the nss_info interface when HAVE_LDAP is undefined. * Revert previous ifdef HAVE_ADS brakets * Remove an unused init function wrapper. (This used to be commit 2ba353848b6d8d36520e7fd82576653a39c602cd)
2007-10-10r20994: Remove unused code.James Peach1-122/+0
(This used to be commit 8052a18f29d32f37c52868b17143af8d76bf5e6e)
2007-10-10r20993: temporary build fix to get things going again on non-ADS systemsGerald Carter1-0/+4
(This used to be commit 8c23158f053b181421cb6206db7c8030ddcc2cea)
2007-10-10r20992: another attempt at fixing the build breakageGerald Carter2-22/+11
(This used to be commit 7011a1b5abc7d56da5beba904e3328014f315f0d)
2007-10-10r20986: Commit the prototype of the nss_info plugin interface.Gerald Carter10-389/+754
This allows a provider to supply the homedirectory, etc... attributes for a user without requiring support in core winbindd code. The idmap_ad.c module has been modified to provide the idmap 'ad' library as well as the rfc2307 and sfu "winbind nss info" support. The SID/id mapping is working in idmap_ad but the nss_info still has a few quirks that I'm in the process of resolving. (This used to be commit aaec0115e2c96935499052d9a637a20c6445986e)
2007-10-10r20951: Remove the DOM_SID field in the struct idmap_domain and bounceGerald Carter2-141/+128
domain SID lookups through the struct winbindd_domain *domain_list by searching by name. Refactor the order lookup when searching for the correct idmap_domain to a single function and remove the requirement that the default domain be listed first in the config file. I would still like to make the idmap_domain array a linked list and remove the existing code which makes use of indexes into the list. Basic testing with tdb pans out ok. (This used to be commit e6c300829ff08dd354f6e9460d396261681e4809)
2007-10-10r20915: Fixed the bad merge from 3.0.24.Jeremy Allison1-6/+8
Jeremy. (This used to be commit 018d7805b5ecb17e21e1a55b6cc65efaab4b3f63)
2007-10-10r20914: Sync up incorrect differences between 3.0.24 and 3.0Jeremy Allison1-12/+11
Jeremy. (This used to be commit a2222a565c658fe5154d9321edab69a95ddeed15)
2007-10-10r20911: Fix copyright message in winbindd to use the macro from smb.hGerald Carter1-2/+3
(This used to be commit e635bad00ecf083c34da339e3616c945a140e478)
2007-10-10r20905: Windows 2000 returns NT_STATUS_ACCOUNT_RESTRICTION if the pwGerald Carter1-3/+11
chnage fails due to policy settings where as 2003 (the chgpasswd3() request) fails with NT_STATUS_PASSWORD_RESTRICTION. Thunk down to the same return code so we correctly retreive the password policy in both cases. (This used to be commit 262bb80e9cf7fb6dbf93144ae0b939c84ec0ea04)
2007-10-10r20874: We need to distinguish client sitenames per realm. We were overwritingGünther Deschner1-2/+2
the stored client sitename with the sitename from each sucessfull CLDAP connection. Guenther (This used to be commit 6a13e878b5d299cb3b3d7cb33ee0d51089d9228d)
2007-10-10r20860: Adding some small tweaks. When we have no sitename, there is no need toGünther Deschner1-9/+11
ask for the list of DCs twice. Guenther (This used to be commit a9baf27e1348dd6dadd7a2fafdf9c269087b80ac)
2007-10-10r20857: Silence gives assent :-). Checking in the fix forJeremy Allison1-4/+31
site support in a network where many DC's are down. I heard via Volker there is still a bug w.r.t the wrong site being chosen with trusted domains but we'll have to layer that fix on top of this. Gd - complain if this doesn't work for you. Jeremy. (This used to be commit 97e248f89ac6548274f03f2ae7583a255da5ddb3)
2007-10-10r20848: Minor typo.Günther Deschner1-1/+1
Guenther (This used to be commit fb730e1e7bb83d7dcf8a78302268e384fb9676ee)
2007-10-10r20846: Before this gets out of control...Volker Lendecke4-30/+48
This add a struct event_context and infrastructure for fd events to smbd. This is step zero to import lib/events. Jeremy, I rely on you to watch the change in receive_message_or_smb() closely. For the normal code path this should be the only relevant change. The rest is either not yet used or is cosmetic. Volker (This used to be commit cd07f93a8aecb24c056e33b1ad3447a41959810f)
2007-10-10r20824: Send access to the trusted domain passwords through the pdb backend, ↵Volker Lendecke2-3/+2
so that in the next step we can store them in LDAP to be replicated across DCs. Thanks to Michael Adam <ma@sernet.de> Volker (This used to be commit 3c879745cfc39be6128b63a88ecdbfa3d9ce6c2d)